From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 5 16:49:57 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D67B106566C for ; Thu, 5 Nov 2009 16:49:57 +0000 (UTC) (envelope-from hans-peter.huth@siemens.com) Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2]) by mx1.freebsd.org (Postfix) with ESMTP id AAEA28FC1B for ; Thu, 5 Nov 2009 16:49:56 +0000 (UTC) Received: from mail2.siemens.de (localhost [127.0.0.1]) by thoth.sbs.de (8.12.11.20060308/8.12.11) with ESMTP id nA5GSbQs016618 for ; Thu, 5 Nov 2009 17:28:37 +0100 Received: from mchp7wta.ww002.siemens.net (mchp7wta.ww002.siemens.net [139.25.131.193]) by mail2.siemens.de (8.12.11.20060308/8.12.11) with ESMTP id nA5GSbpV022149 for ; Thu, 5 Nov 2009 17:28:37 +0100 Received: from MCHP7I5A.ww902.siemens.net ([139.25.131.136]) by mchp7wta.ww002.siemens.net with Microsoft SMTPSVC(6.0.3790.3959); Thu, 5 Nov 2009 17:28:36 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Thu, 5 Nov 2009 17:28:36 +0100 Message-ID: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Imunes and FreeBSD 8.0 RC2 Thread-Index: AcpeNQYbMvaOyhnuTwCR6n5JDWHVeA== From: "Huth, Hans-Peter" To: X-OriginalArrivalTime: 05 Nov 2009 16:28:36.0591 (UTC) FILETIME=[0653BFF0:01CA5E35] X-Mailman-Approved-At: Thu, 05 Nov 2009 21:00:34 +0000 Subject: Imunes and FreeBSD 8.0 RC2 X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Nov 2009 16:49:57 -0000 Dear all, i have just installed FreeBSD 8.0 RC2 and wanted to play around with imunes/vimage, but i couldn't find it in the installed version (from DVD ISO). Did i just missed something, or what do i have to install something in addition? If so, FTP URLS would be helpful as my BSD machine is not in a network. Thanks, Hans-Peter Huth Siemens AG Corporate Technology CT IC 2 Otto-Hahn-Ring 6 81739 Munich, Germany Tel.: +49 (89) 636-43071=20 Fax: +49 (89) 636-51115=20 Mobile: +49 (173) 7068763 mailto:hans-peter.huth@siemens.com Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Peter Loescher, Chairman, President and Chief Executive Officer; Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322 From owner-freebsd-virtualization@FreeBSD.ORG Fri Nov 6 03:02:40 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BC071065676 for ; Fri, 6 Nov 2009 03:02:40 +0000 (UTC) (envelope-from remodeler@alentogroup.org) Received: from courriel.marmotmail.com (courriel.marmotmail.com [85.17.36.172]) by mx1.freebsd.org (Postfix) with ESMTP id 3BB3B8FC14 for ; Fri, 6 Nov 2009 03:02:40 +0000 (UTC) Received: from bruce.epifora.com (localhost.local [127.0.0.1]) by courriel.marmotmail.com (Postfix) with ESMTP id D26B32394DD for ; Fri, 6 Nov 2009 05:06:45 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 97D694761F9 for ; Thu, 5 Nov 2009 22:13:21 -0500 (EST) Received: from bruce.epifora.com ([127.0.0.1]) by localhost (bruce.epifora.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29178-07 for ; Thu, 5 Nov 2009 22:13:20 -0500 (EST) Received: from alentogroup.org (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 0A2A14761F8 for ; Thu, 5 Nov 2009 22:13:20 -0500 (EST) From: "remodeler" To: freebsd-virtualization@freebsd.org Date: Thu, 5 Nov 2009 22:13:19 -0500 Message-Id: <20091106030421.M99285@alentogroup.org> In-Reply-To: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> References: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> X-OriginatingIP: 127.0.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: Re: Imunes and FreeBSD 8.0 RC2 X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 03:02:40 -0000 Hi, > i have just installed FreeBSD 8.0 RC2 and wanted to play around > with imunes/vimage, but i couldn't find it in the installed version > (from DVD ISO). Did i just missed something, or what do i have to > install something in addition? If so, FTP URLS would be helpful as my > BSD machine is not in a network. Build a custom kernel with option VIMAGE. You can initialize a vimage-enabled jail with: jail -c -l -U root -n jailname host.hostname=jailname.example.com path=/my/jail/path vnet persist If you want to use netgraph to build a virtual bridge between a physical ethernet interface and the vnet interface on the jail: # create netgraph bridge, connecting physical interface lower hook ngctl mkpeer msk0: bridge lower link0 # give the physical interface hook a convenient name ngctl name msk0:lower bridge0 # connect upper hook of physical interface to the bridge ngctl connect msk0: bridge0: upper link1 # create a netgraph node for the vnet interface, connected to the bridge ngctl mkpeer bridge0: eiface link2 ether # connect the vnet virutal interface and the netgraph node ifconfig ngeth0 vnet ns The work on vnet is well done, and has been reliable through all of my load testing. From owner-freebsd-virtualization@FreeBSD.ORG Fri Nov 6 06:03:52 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D61ED1065670 for ; Fri, 6 Nov 2009 06:03:52 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outJ.internet-mail-service.net (outj.internet-mail-service.net [216.240.47.233]) by mx1.freebsd.org (Postfix) with ESMTP id BDF6D8FC1D for ; Fri, 6 Nov 2009 06:03:52 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 840C314DE83; Thu, 5 Nov 2009 22:03:52 -0800 (PST) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 295092D601C; Thu, 5 Nov 2009 22:03:52 -0800 (PST) Message-ID: <4AF3BC47.4040708@elischer.org> Date: Thu, 05 Nov 2009 22:03:51 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: remodeler References: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> <20091106030421.M99285@alentogroup.org> In-Reply-To: <20091106030421.M99285@alentogroup.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-virtualization@freebsd.org Subject: Re: Imunes and FreeBSD 8.0 RC2 X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2009 06:03:52 -0000 remodeler wrote: > Hi, > >> i have just installed FreeBSD 8.0 RC2 and wanted to play around >> with imunes/vimage, but i couldn't find it in the installed version >> (from DVD ISO). Did i just missed something, or what do i have to >> install something in addition? If so, FTP URLS would be helpful as my >> BSD machine is not in a network. > > Build a custom kernel with option VIMAGE. You can initialize a vimage-enabled > jail with: > > jail -c -l -U root -n jailname host.hostname=jailname.example.com > path=/my/jail/path vnet persist > > If you want to use netgraph to build a virtual bridge between a physical > ethernet interface and the vnet interface on the jail: > > # create netgraph bridge, connecting physical interface lower hook > ngctl mkpeer msk0: bridge lower link0 > # give the physical interface hook a convenient name > ngctl name msk0:lower bridge0 > # connect upper hook of physical interface to the bridge > ngctl connect msk0: bridge0: upper link1 > # create a netgraph node for the vnet interface, connected to the bridge > ngctl mkpeer bridge0: eiface link2 ether > # connect the vnet virutal interface and the netgraph node > ifconfig ngeth0 vnet ns Ironically I haven't played with netgraph on vnet recently but haven't you forgotten to put the eiface into the other vimage? > > The work on vnet is well done, and has been reliable through all of my load > testing. > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org" From owner-freebsd-virtualization@FreeBSD.ORG Sat Nov 7 01:28:01 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 382FF1065670 for ; Sat, 7 Nov 2009 01:28:01 +0000 (UTC) (envelope-from remodeler@alentogroup.org) Received: from courriel.marmotmail.com (courriel.marmotmail.com [85.17.36.172]) by mx1.freebsd.org (Postfix) with ESMTP id ED42C8FC13 for ; Sat, 7 Nov 2009 01:28:00 +0000 (UTC) Received: from bruce.epifora.com (localhost.local [127.0.0.1]) by courriel.marmotmail.com (Postfix) with ESMTP id BD4CD23961B for ; Sat, 7 Nov 2009 03:32:13 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 58FFD4761F9 for ; Fri, 6 Nov 2009 20:38:53 -0500 (EST) Received: from bruce.epifora.com ([127.0.0.1]) by localhost (bruce.epifora.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02482-09 for ; Fri, 6 Nov 2009 20:38:51 -0500 (EST) Received: from alentogroup.org (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id A6D764761F8 for ; Fri, 6 Nov 2009 20:38:51 -0500 (EST) From: "remodeler" To: freebsd-virtualization@freebsd.org Date: Fri, 6 Nov 2009 20:38:51 -0500 Message-Id: <20091107013823.M86284@alentogroup.org> References: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> <20091106030421.M99285@alentogroup.org> <4AF3BC47.4040708@elischer.org> X-OriginatingIP: 127.0.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: Re: Imunes and FreeBSD 8.0 RC2 X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Nov 2009 01:28:01 -0000 Hi, [sorry for dup to Julian] > > If you want to use netgraph to build a virtual bridge between a physical > > ethernet interface and the vnet interface on the jail: > > > > # create netgraph bridge, connecting physical interface lower hook > > ngctl mkpeer msk0: bridge lower link0 > > # give the physical interface hook a convenient name > > ngctl name msk0:lower bridge0 > > # connect upper hook of physical interface to the bridge > > ngctl connect msk0: bridge0: upper link1 > > # create a netgraph node for the vnet interface, connected to the bridge > > ngctl mkpeer bridge0: eiface link2 ether > > # connect the vnet virutal interface and the netgraph node > > ifconfig ngeth0 vnet ns > > Ironically I haven't played with netgraph on vnet recently but > haven't you forgotten to put the eiface into the other vimage? I mis-labelled the last line, using the name "ns" instead of an example name. This server has two dozen virtual servers attached through netgraph, and has been subjected to very heavy test-loading for the past two weeks (saturating the 100 base-T NIC's) on my development LAN. I am very impressed with vimage. This is a good alternative to xen. I don't know how most people will do networking on the host for vnet jails, but netgraph seems to me a natural choice. The jail rc.d scripts are not well designed for the new applications vimage opens up imo. I'm using a script to pull configuration info from a db for each virtual server, but there's a lot of security features in /etc/rc.d/jail that I'd like to migrate into it. From owner-freebsd-virtualization@FreeBSD.ORG Sat Nov 7 04:14:09 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F847106566C for ; Sat, 7 Nov 2009 04:14:09 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outU.internet-mail-service.net (outu.internet-mail-service.net [216.240.47.244]) by mx1.freebsd.org (Postfix) with ESMTP id 8229F8FC16 for ; Sat, 7 Nov 2009 04:14:09 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 0C24414DD56; Fri, 6 Nov 2009 20:14:10 -0800 (PST) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 8494F2D6016; Fri, 6 Nov 2009 20:14:08 -0800 (PST) Message-ID: <4AF4F410.2050600@elischer.org> Date: Fri, 06 Nov 2009 20:14:08 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: remodeler References: <7401C27DF540DA4D83B9B35C541825E3E97180@MCHP7I5A.ww902.siemens.net> <20091106030421.M99285@alentogroup.org> <4AF3BC47.4040708@elischer.org> <20091107013823.M86284@alentogroup.org> In-Reply-To: <20091107013823.M86284@alentogroup.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-virtualization@freebsd.org Subject: Re: Imunes and FreeBSD 8.0 RC2 X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Nov 2009 04:14:09 -0000 remodeler wrote: > Hi, > > [sorry for dup to Julian] I'm glad you have found it useful. Heres' a chance for you to do something for me :-) can you make a couple of 'vimage recipes' in the form of scripts that people can use to do things? similar to /usr/share/examples/netgraph but /usr/share/examples/vimage. this one you have given would be agreat start and if you have scripts that set up 4 virtual machines on a network or something, that'd be great. We need some examples to seed people so that they can get started on it. > >>> If you want to use netgraph to build a virtual bridge between a physical >>> ethernet interface and the vnet interface on the jail: >>> >>> # create netgraph bridge, connecting physical interface lower hook >>> ngctl mkpeer msk0: bridge lower link0 >>> # give the physical interface hook a convenient name >>> ngctl name msk0:lower bridge0 >>> # connect upper hook of physical interface to the bridge >>> ngctl connect msk0: bridge0: upper link1 >>> # create a netgraph node for the vnet interface, connected to the bridge >>> ngctl mkpeer bridge0: eiface link2 ether >>> # connect the vnet virutal interface and the netgraph node >>> ifconfig ngeth0 vnet ns >> Ironically I haven't played with netgraph on vnet recently but >> haven't you forgotten to put the eiface into the other vimage? > > I mis-labelled the last line, using the name "ns" instead of an example name. > > This server has two dozen virtual servers attached through netgraph, and has > been subjected to very heavy test-loading for the past two weeks (saturating > the 100 base-T NIC's) on my development LAN. I am very impressed with vimage. > This is a good alternative to xen. > > I don't know how most people will do networking on the host for vnet jails, > but netgraph seems to me a natural choice. The jail rc.d scripts are not well > designed for the new applications vimage opens up imo. I'm using a script to > pull configuration info from a db for each virtual server, but there's a lot > of security features in /etc/rc.d/jail that I'd like to migrate into it. > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org"